After judge orders release of hacker tied to ISIS, US says ‘Not so fast’

Ardit Ferizi was scheduled to head home to Kosovo amid a 20-year sentence.
The Robert F. Kennedy Department of Justice Building in Washington, D.C., headquarters of the United States Department of Justice.

A convicted hacker whom a U.S. court granted compassionate release during the coronavirus pandemic may remain behind bars after all, following accusations that he committed crimes while in custody. 

Since 2016, Ardit Ferizi, a Kosovan national, has been serving a 20-year prison sentence for providing details about 1,300 U.S. military and government personnel to the Islamic State terrorist group. A judge in December awarded Ferizi, who is overweight and has asthma, compassionate release, citing his vulnerability to COVID-19. 

That was until the U.S. Department of Justice on Jan. 12 unsealed a federal complaint against Ferizi alleging that he had committed multiple new federal crimes while he had been in prison. The charges involve Ferizi allegedly operating a scheme with a family member — who had access to Ferizi’s old email accounts — to monetize stolen personal information, credit card numbers and other data. 

Ferizi was being held in the Federal Correctional Institute in Terre Haute, Indiana while he was awaiting deportation back to Kosovo when the charges were made public. An attorney for Ferizi could not immediately be located for comment. 


“We allege Ferizi provided access to personal information of U.S. citizens, even as he was serving his prison sentence for providing similar information to ISIS,” U.S. Attorney David Anderson said in a statement. 

Ferizi and his unnamed family member used Google, PayPal and Coinbase to try carrying out new crimes, the Justice Department alleged. 

Authorities initially arrested Ferizi in 2015 in Malaysia when he was 19 years old and going by the online alias “Th3Dir3ctorY.” He admitted to hacking an Arizona electronics company and sending a list of federal personnel he obtained in that breach to a contact in the Islamic State group. By scouring the list of stolen addresses, Ferizi found the email usernames ending in “.mil” and “.gov” in a crime that a judge at the time said was motivated more by immaturity than ideology. 

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts